Pssst... Wanna Buy a Microsoft Bug?

February 2, 2007 / Misc / Comments (0)

Proof that we are living in an information economy comes in a New York Times articles about the market for Microsoft Vista bugs (or in the corporate giant's own parlance, "known issues"):

When its predecessor, Windows XP, was released five years ago, software bugs were typically hunted by hackers for fame and glory, not financial reward. But now software vulnerabilities -- as with stolen credit-card numbers and spammable e-mail addresses -- carry real financial value. They are commonly bought, sold and traded online, both by legitimate security companies, which say they are providing a service, and by nefarious hackers and thieves.

So how much does a bug sell for?

The Japanese security firm Trend Micro said in December that it had found a Vista flaw for sale on a Romanian Web forum for $50,000.

Wow, fifty big ones, eh? Are bugs hard to find?

“To find a vulnerability, you have to do a lot of hard work,” said Evgeny Legerov, founder of a small security firm, Gleg Ltd., in Moscow.

How times have changed. In the early 1990s, users willingly documented MSWord bugs and brought them to Microsoft's attention, in a desperate effort to have the product improved. James Gleick's 1992 article, Chasing Bugs in the Electronic Village, documents how bugs were becoming a major problem even then.

Bugs are [software's] special curse. They are an ancient devil -- the product defect -- in a peculiarly exasperating modern dress. As software grows more complex and we come to rely on it more, the industry is discovering that bugs are more pervasive and more expensive than ever before... When a program doubles in size, the potential for unexpected bugs more than doubles -- far more, just as the number of potential love affairs more than doubles when the population of your office rises from 10 to 20...

15 years later, bugs have become an industry in their own right.

Sidebar: Bill Gates met with the Romanian president Traian Basescu yesterday, who attributed the success of his country's IT industry to, eh, pirated copies of Microsoft products. Unsurprisingly, Bill gates (who apparently seemed a little shocked by the remarks) did not comment.

Comments

0 comments / Skip to comment form

Leave a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)